Step-by-Step Guide: Configuring Symantec LiveUpdate Manually
Maintaining up-to-date security definitions is critical for protecting your network from emerging threats. While automatic updates are standard, configuring Symantec LiveUpdate manually provides administrators with precise control over bandwidth consumption, update schedules, and source servers.
This guide walks you through the manual configuration of LiveUpdate settings within Symantec Endpoint Protection Manager (SEPM). Step 1: Access LiveUpdate Policy Settings Launch the Symantec Endpoint Protection Manager console. Log in using your administrator credentials. Click on Policies in the left-hand navigation pane. Select LiveUpdate under the Policies menu. Click on the LiveUpdate Settings tab.
Right-click your existing policy and select Edit, or click Add a LiveUpdate Settings Policy to create a new one. Step 2: Configure the Update Source
Administrators can choose where client machines fetch their updates. Balancing these sources helps optimize internal network traffic. In the policy editing window, click on Server Settings. Choose your primary update source:
Default Symantec Management Server: Clients pull updates directly from the local SEPM server. This is ideal for localized networks.
LiveUpdate Server: Clients download updates directly from Symantec’s public internet servers. This is recommended for remote or roaming users.
Use a specified internal LiveUpdate server: Select this option if you host an internal LiveUpdate Administrator (LUA) server to distribute content.
Configure a Failover Server by checking the secondary source box to ensure continuity if the primary server goes offline. Step 3: Establish a Manual or Customized Schedule
To prevent network congestion, avoid updating all clients simultaneously. Click on Schedule in the left menu of the policy window. Uncheck the automatic update option to take manual control. Select your preferred frequency: Daily, Weekly, or Hourly.
Set a specific start time during off-peak hours (e.g., 11:00 PM) to minimize the impact on user productivity.
Enable Randomize download randomization window and set it to 60 minutes. This staggers client check-ins so hundreds of machines do not request files at the exact same second. Step 4: Select Specific Content Types
You can control exactly what types of security data your endpoints download to save disk space and bandwidth.
Navigate to the Advanced Settings or Content tab (depending on your SEPM version).
Review the list of available definitions, such as Antivirus, Antispyware, Intrusion Prevention (IPS), and Sonar.
Check the boxes only for the security modules actively deployed in your environment. Save the policy changes by clicking OK. Step 5: Assign the Policy to Client Groups
A policy does not take effect until it is actively applied to your target machines. Right-click your newly configured LiveUpdate policy. Select Assign.
Check the boxes next to the specific Client Groups you want to target.
Click Assign and confirm the prompt. Clients will pull the new configuration during their next heartbeat check-in.
Leave a Reply